commit cf447df78529dfd879c2c106afb37cfc1dba1c61
Author: kitoy
Date: Sat Aug 13 00:18:13 2022 +0200
Mise à jour de 'Configuration pywallter avec Nginx '
diff --git a/Configuration-pywallter-avec-Nginx---.md b/Configuration-pywallter-avec-Nginx---.md
new file mode 100644
index 0000000..0a763d3
--- /dev/null
+++ b/Configuration-pywallter-avec-Nginx---.md
@@ -0,0 +1,87 @@
+## Configuration de pywallter avec nginx comme proxy
+** On assumera que vous avez préalablement crée vos certificats SSL **
+
+Dans le fichier config.py il faut régler la variable BASE_URL comme ceci
+
+ BASE_URL="https://mondomaine.net/"
+
+Ensuite vous pouvez lancer le programme comme ceci:
+ python3 wsgi.py
+
+Voici un fichier d'example pour nginx :
+
+ server {
+ listen 80;
+ server_name mondomaine.net;
+
+ #Ajout pour les certificats letsencrypt
+ #include snippets/acme-challenge.conf;
+
+ return 301 https://$http_host$request_uri;
+
+ root /htdocs/;
+
+ }
+
+ server {
+ listen 443 ssl http2;
+ server_name mondomaine.net;
+
+
+ ssl_certificate /etc/ssl/mondomaine.net.crt;
+ ssl_certificate_key /etc/ssl/private/mondomaine.net.key;
+ sl_dhparam /etc/nginx/dhparam.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+
+ ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
+ ssl_prefer_server_ciphers on;
+ # Speeds things up a little bit when resuming a session
+ ssl_session_timeout 5m;
+ ssl_session_cache shared:SSL:5m;
+
+
+ #Ajoute gzip mais n'enleve pas les ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # duration=365days
+ add_header Referrer-Policy
"no-referrer" always;
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Content-Security-Policy "upgrade-insecure-requests";
+ add_header Content-Security-Policy-Report-Only " default-src https: data: 'unsafe-inline' 'unsafe-eval'";
+
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+
+ # Speeds things up a little bit when resuming a session
+ # ssl_session_timeout 5m;
+ # ssl_session_cache shared:SSL:5m;
+
+
+ # Taille maximum pour les envoie de fichier :
+ client_max_body_size 100M;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000/;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Prefix /;
+ }
+
+ # Path to the root of your installation
+ root /htdocs;
+
+ }
+
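Review bot: In the port-443 server block the directive is spelled `sl_dhparam`, which nginx rejects as an unknown directive, so anyone copying this example gets a configuration that fails `nginx -t`; it should read `ssl_dhparam /etc/nginx/dhparam.pem;`. In the port-80 block, `return 301 https://$http_host$request_uri;` builds the redirect target from the client-supplied Host header, whereas `return 301 https://mondomaine.net$request_uri;` keeps the redirect pinned to the configured name. `fastcgi_hide_header X-Powered-By;` does not apply to a `proxy_pass` upstream, where the matching directive is `proxy_hide_header X-Powered-By;`. The HSTS line puts `includeSubDomains; preload` into a copy-paste template, so a one-line comment saying that this commits every subdomain to HTTPS for a year would help readers who have not audited their subdomains.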